from django.shortcuts import render, redirect
from django.contrib.auth.hashers import make_password, check_password
from . import models
import hashlib

# Create your views here.


def index(request):
    return render(request, 'index.html')


def login(request):
    if request.method == 'GET':
        # 用户初次进入展示登录表单
        return render(request, 'login.html')
    elif request.method == 'POST':
        # 连接上下文
        context = {
            'message': ''
        }
        # 用户提交表单
        username = request.POST.get('username')
        password = request.POST.get('password')

        # 验证账户名密码
        user = models.User.objects.filter(name=username).first()
        if user:
            if _hash_password(password) == user.hash_password:
            # if user.password == password:
                context['message'] = '登录成功'
                # 服务器设置sessionid和其他用户信息.sessionid（服务器给访问他的浏览器的身份证）自动生成的。
                request.session['is_login'] = True
                request.session['username'] = user.name
                request.session['userid'] = user.id
                return redirect('/index/')   # 返回的响应中包含set-cookie（sessionid=‘vgutio’），浏览器收到响应后会把sessionid存入到cookie中。
            else:
                context['message'] = '密码错误，请重新输入密码'
                return render(request, 'login.html', context=context)
        else:
            context['message'] = '用户未注册'
            return render(request, 'login.html', context=context)


def register(request):
    if request.method == 'GET':
        # 注册表单
        return render(request, 'register.html')
    elif request.method == 'POST':
        # 获取表单数据
        username = request.POST.get('username')
        password = request.POST.get('password')
        email = request.POST.get('email')

        # 简单后端表单验证（正则最合适）
        # if not username.strip() and password.strip() and email.strip():
        #     return render('/register/', context={'message': '某个字段不能为空'})
        # if len(username) > 20 or len(password) > 20:
        #     print('用户名或密码长度不能超过20')
        # 排除特殊字符串 eval() \q &$

        # 写数据库
        user = models.User.objects.filter(email=email).first()
        if user:
            return render(request, 'register.html', context={'message': '用户已注册'})
        # 'insert into login_user（name, password,email） values (%s,%s,%s)'%('','','')

        # 加密密码
        hash_password = _hash_password(password)

        # 写入数据库
        try:
            user = models.User(name=username, password=password, hash_password=hash_password, email=email)
            user.save()
            print('保存成功')
            return render(request, 'login.html', context={'message': '注册成功，请继续登录'})
        except Exception as e:
            print('保存失败', e)      # 比起用render, 最好用redirect加flash
            return redirect('/register')


def logout(request):
    """登录成功"""
    # 未登陆时，不让走登出函数，防止黑客走错误的业务逻辑
    # if request.session.get('is_login', None):
    #     return redirect('/index/')

    # 登录成功，清除session
    request.session.flush()    # 清除此用户sessionid对用的所有sessiondata
    # del request.session['user_id']    # 清除某个session键值对
    return redirect('/index/')


def _hash_password(password):
    """哈希加密用户注册密码"""
    sha = hashlib.sha256()
    sha.update(password.encode(encoding='utf-8'))
    return sha.hexdigest()


# def _hash_password(password, salt='asdf'):
#     """哈希加密用户注册密码 加盐版"""
#     salt = ''
#     for i in range(4):
#         salt += char(random.randint(65,90))
#     sha = hashlib.sha256()
#     sha.update(password+salt.encode(encoding='utf-8'))
#     return '$asdf$' + sha.hexdigest()



# 查询数据库   'select * from login_user where name={} and password=%s'%(username,password)
#         user = models.User.objects.filter(name=username, password=password).first()
